User's Manual

INTRODUCTION TO THE 80286
The 80286, like all members of the 8086 series, supports a segmented memory architecture. The 80286
also fully integrates memory segmentation into a comprehensive protection scheme. This protection
scheme includes hardware-enforced length and type checking to protect segments from inadvertent
misuse.
1.3.2 Task Management
The 80286 is designed to support multi-tasking systems. The architecture provides direct support for
the concept of a task. For example, task state segments (see section 8.2 in Chapter 8) are
hardware-recognized and hardware-manipulated structures that contain information on the current
state of all tasks in the system.
Very efficient context-switching (task-switching) can be invoked with a single instruction. Separate
logical address spaces are provided for each task in the system. Finally, mechanisms exist to support
intertask communication, synchronization, memory sharing, and task scheduling. Task Management
is described in Chapter 8.
1.3.3 Protection Mechanisms
The 80286 allows the system designer to define a comprehensive protection policy to be applied,
uniformly and continuously, to all ongoing operations of the system. Such a policy may be desirable to
ensure system reliability, privacy of data, rapid error recovery, and separation of multiple users.
The 80286 protection mechanisms are based on the notion of a "hierarchy of trust." Four privilege
levels are distinguished, ranging from Level 0 (most trusted) to Level 3 (least trusted). Level 0 is
usually reserved for the operating system kernel. The four levels may be visualized as concentric rings,
with the most privileged level in the center (see figure 1-1).
This four-level scheme offers system reliability, flexibility, and design options not possible with the
typical two-level (supervisor/user) separation provided by other processors. A four-level division is
capable of separating kernel, executive, system services, and application software, each with different
privileges.
At any one time, a task executes at one of the four levels. Moreover, all data segments and code
segments are also assigned to privilege levels. A task executing at one level cannot access data at a
more privileged level, nor can it call a procedure at a less privileged level (i.e., trust a less privileged
procedure to do work for it). Thus, both access to data and transfer of control are restricted in
appropriate ways.
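The two restrictions above can be modeled in a few lines of C. This is an added example, not code from the manual; it goes beyond this page's summary by also modeling the selector's requested privilege level (RPL), conforming code segments, and call gates, none of which this page describes. The struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Levels: 0 = most trusted ... 3 = least trusted (larger number = less privilege).
 * code_seg is a simplified model for this example, not the real descriptor layout. */
typedef struct { int dpl; bool conforming; } code_seg;

/* Less privileged (numerically larger) of two levels. */
static int weaker(int a, int b) { return a > b ? a : b; }

/* Data access: the weaker of CPL and the selector's RPL must be at least
 * as privileged as the data segment's DPL. */
bool may_access_data(int cpl, int rpl, int data_dpl) {
    return weaker(cpl, rpl) <= data_dpl;
}

/* Direct CALL/JMP (no gate): non-conforming code must sit at exactly the
 * caller's level; conforming code may be equally or more privileged. */
bool may_transfer_direct(int cpl, int rpl, code_seg target) {
    if (target.conforming)
        return target.dpl <= cpl;
    return rpl <= cpl && target.dpl == cpl;
}

/* CALL through a call gate: returns the CPL after the call, or -1 where the
 * processor would raise a protection fault instead. */
int call_through_gate(int cpl, int rpl, int gate_dpl, code_seg target) {
    if (weaker(cpl, rpl) > gate_dpl)
        return -1;                      /* caller is not allowed to use this gate */
    if (target.dpl > cpl)
        return -1;                      /* never transfer to less privileged code */
    return target.conforming ? cpl : target.dpl;
}

int main(void) {
    code_seg kernel = { 0, false }, app = { 3, false };
    printf("app reads kernel data: %d\n", may_access_data(3, 3, 0));
    printf("kernel reads via app-supplied selector: %d\n", may_access_data(0, 3, 0));
    printf("kernel calls app code directly: %d\n", may_transfer_direct(0, 0, app));
    printf("app calls kernel via level-3 gate, new CPL: %d\n",
           call_through_gate(3, 3, 3, kernel));
    return 0;
}
```

The second case shows why RPL matters for a kernel designer: a level 0 routine that uses a selector handed to it by a level 3 caller is checked as if it were level 3, so it cannot be tricked into touching level 0 data on the caller's behalf.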
A complete separation can exist between the logical address spaces local to different tasks, providing
users with automatic protection against accidental or malicious interference by other users. The hardware
also provides immediate detection of a number of fault and error conditions, a feature that can be
useful in the development and maintenance of software.
Finally, these protection mechanisms require relatively little system overhead because they are integrated
into the memory management and protection hardware of the processor itself.